Planning for the Breach: Part 1


Defense is not Enough: Plan for the Breach

A strong defense is not only important, it is critical. Without a focused defensive posture (including adaptation to emerging threats and preparation to fight the “next war”), you will be overrun.

But even the best defensive tools and strategies do not make for an inviolable structure. Cities are besieged. Armies have marched over, under and around barriers for centuries. Radar can be eluded. The lever of asymmetric warfare is exploitation of real and virtual weaknesses of even the best-funded and defended adversary. If spies and covert actors are not already in your midst, recruits should be expected.

At some point and at some level, all IT systems will be breached. The question is, what is your plan to mitigate the effect when it happens to you?

  • Do you have containment, eradication and recovery plans?
  • Have you optimized your response processes with: (1) a clearly defined command topology, (2) observable and accountable action steps in a predefined workflow, (3) communication protocols to address both technical and supporting roles of your organization, and (4) the right level of process automation?

A response plan is evidence of preparation. And preparation is more critical to quickly thwarting bad actors in your environment than several rooms full of cyber SMEs with “plans” stuck in their heads.

As the fog of war descends on a breached environment, a plan for the way forward is pivotal. As Colonel VanDriel recently postulated in Bridging the Planning Gap: Incorporating Cyberspace Into Operational Planning (2015):

if a commander…ignores (planning for) cyberspace, not only will that commander have ceded the cyberspace domain to the adversary, but the adversary can then proceed to undermine that commander’s effectiveness in the other four domains (of warfare).

No plan is perfect against every iteration of the malevolence that threat actors will dispatch. However, in responding to a breach, a lot of people will need to get a lot of things done, frequently simultaneously. If you are spending time and resources during a breach deciding what should be done (and by whom), you will have wasted critical time and will likely commit unnecessary, unforced errors. Moreover, the more automated your predefined plan is, the more efficiently it will be carried out, with an auditable post-incident taxonomy capture.

The post Planning for the Breach: Part 1 appeared first on Cybersponse.

About CyberSponse, Inc.
CyberSponse Incorporated, a global leader in cyber security automation & orchestration, helps accelerate an organization’s processes, security operations teams and incident responders. The CyberSponse platform enables organizations to seamlessly integrate, automate and playbook their security tool stack, enabling better, faster and more effective security operations. With a global presence, offering an enterprise platform, Cybersponse enables organizations to secure their security operations teams and environments.
